[bug-sourceinstall] invalid write


From: Brian Gough
Subject: [bug-sourceinstall] invalid write
Date: Sat, 05 Dec 2009 22:20:10 +0000
User-agent: Wanderlust/2.14.0 (Africa) Emacs/22.2 Mule/5.0 (SAKAKI)

It doesn't cause any major problem but there's an invalid write in the
function srcinst_close_package() in srcinst.c

    if (info->onclose & SRCINST_ONCLOSE_UPDATE) {
        rv = _update_package(&_srcinst_state.packages, e);
    }

    info->onclose = SRCINST_ONCLOSE_NOP;

When _update_package(&_srcinst_state.packages, e) is called and takes
the branch with _remove_package_list() it causes e to be freed.  This
causes a memory error for info->onclose = ... because info is actually
set to e->info earlier in srcinst_close_package().  I'm not sure what
the best fix is for that -- maybe just to return after
_update_package()?

$ valgrind sourceinstall --verbose -r libtool-2.2.6b
...
spawn: /bin/rmdir /home/b/bjg/systest/live/share/aclocal
spawn: /bin/rmdir /home/b/bjg/systest/live/include/libltdl
spawn: /bin/rmdir /home/b/bjg/systest/live/include
spawn: /bin/rm -fr /home/b/bjg/systest/live/.sourceinstall/build
spawn: /bin/rm -fr /home/b/bjg/systest/live/.sourceinstall/install-destdir
spawn: /bin/rm -f /home/b/bjg/systest/live/.sourceinstall/packages/libtool-2.2.6b
==6771== Invalid write of size 1
==6771==    at 0x4B2576E: srcinst_close_package (srcinst.c:669)
==6771==    by 0x4030B2: remove_package (sourceinstall.c:440)
==6771==    by 0x404A45: main (sourceinstall.c:1111)
==6771==  Address 0x4E9D8D0 is 16 bytes inside a block of size 128 free'd
==6771==    at 0x4A1A5B3: free (vg_replace_malloc.c:235)
==6771==    by 0x4B29E48: _free_package_element (package_list.c:39)
==6771==    by 0x4B2A14B: _remove_package_list (package_list.c:203)
==6771==    by 0x4B2C4E7: _update_package (actions.c:896)
==6771==    by 0x4B257CE: srcinst_close_package (srcinst.c:666)
==6771==    by 0x4030B2: remove_package (sourceinstall.c:440)
==6771==    by 0x404A45: main (sourceinstall.c:1111)
==6771== 
==6771== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 8 from 1)
==6771== malloc/free: in use at exit: 35 bytes in 3 blocks.
==6771== malloc/free: 10,200 allocs, 10,197 frees, 2,033,756 bytes allocated.
==6771== For counts of detected errors, rerun with: -v
==6771== searching for pointers to 3 not-freed blocks.
==6771== checked 170,928 bytes.
==6771== 
==6771== LEAK SUMMARY:
==6771==    definitely lost: 0 bytes in 0 blocks.
==6771==      possibly lost: 0 bytes in 0 blocks.
==6771==    still reachable: 35 bytes in 3 blocks.
==6771==         suppressed: 0 bytes in 0 blocks.
==6771== Reachable blocks (those to which a pointer was found) are not shown.
==6771== To see them, rerun with: --show-reachable=yes
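
A minimal model of the pattern reported above, added here as an illustration and not taken from sourceinstall: the close path holds a pointer into an element that the update step may free, so the final write is skipped when the element is gone. All type and function names, the embedded layout of `info`, and the `freed` out-parameter are assumptions made for this example.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for the sourceinstall types; names are assumptions. */
enum { ONCLOSE_NOP = 0, ONCLOSE_UPDATE = 1 };
struct pkg_info { int installed; unsigned char onclose; };
struct pkg_elem { struct pkg_elem *next; struct pkg_info info; };

struct pkg_elem *push_elem(struct pkg_elem **head, int installed) {
    struct pkg_elem *e = calloc(1, sizeof *e);
    if (!e) return NULL;
    e->info.installed = installed;
    e->info.onclose = ONCLOSE_UPDATE;
    e->next = *head;
    *head = e;
    return e;
}

int list_len(const struct pkg_elem *head) {
    int n = 0;
    for (; head; head = head->next) n++;
    return n;
}

/* Models the removing branch of _update_package(); *freed reports whether e was freed. */
static int update_elem(struct pkg_elem **head, struct pkg_elem *e, int *freed) {
    *freed = 0;
    if (e->info.installed) return 0;
    for (struct pkg_elem **p = head; *p; p = &(*p)->next)
        if (*p == e) { *p = e->next; free(e); *freed = 1; break; }
    return 0;
}

/* Close path: info aliases memory owned by e, so write it only if e survived. */
int close_elem(struct pkg_elem **head, struct pkg_elem *e) {
    struct pkg_info *info = &e->info;
    int rv = 0, freed = 0;
    if (info->onclose & ONCLOSE_UPDATE)
        rv = update_elem(head, e, &freed);
    if (!freed)
        info->onclose = ONCLOSE_NOP;
    return rv;
}

int main(void) {
    struct pkg_elem *head = NULL;
    struct pkg_elem *gone = push_elem(&head, 0);
    return (gone && close_elem(&head, gone) == 0 && list_len(head) == 0) ? 0 : 1;
}
```

Built with `-g` and run under valgrind, the removal path in this model reports no invalid write, because nothing dereferences `info` once the element has been freed.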